# User Authentication

Authenticate as a user to perform ad-hoc queries or engineer-level tasks. This method requires a username (email) and password.

<Warning>
  **Not for Automation**
  This method requires a specific user's credentials and is **not recommended** for CI/CD pipelines. For automated integration, use [M2M Authentication](/api-reference/authentication/create-api-client).
</Warning>

<Note>
  **SSO Not Supported**
  This authentication method does **not** work with SSO (SAML, OIDC federation). Users must have a dedicated username and password configured directly in Keycloak. This approach ties API usage to individual BTP users and respects RBAC permissions.
</Note>

## Password Grant Flow

Use this flow for interactive access where you can securely provide your user credentials.

### Request

<CodeGroup>
  ```bash Request
  # 1. Set your credentials
  export BINARLY_EMAIL="your-email@example.com"
  export BINARLY_PASSWORD="your-password"
  # Replace {slug} with your organization's tenant identifier
  export BINARLY_AUTH_URL="https://auth-{slug}.binarly.cloud/realms/BinarlyRealm/protocol/openid-connect/token"

  # 2. Request the token
  curl -v -s -H "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "scope=openid" \
    --data-urlencode "client_id=BinarlyClient" \
    --data-urlencode "username=${BINARLY_EMAIL}" \
    --data-urlencode "password=${BINARLY_PASSWORD}" \
    "${BINARLY_AUTH_URL}"
  ```
</CodeGroup>

### Response

The response contains the `access_token` needed for API requests.

```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 1800
}
```

## Next Steps

Include this token in the `Authorization` header of your API requests:

`Authorization: Bearer <access_token>`
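
For interactive use, the same request can be made without exporting the password or placing it on `curl`'s command line, where it can show up in shell history and the process list. The following is an added example, not Binarly's own code: it assumes POSIX `sh` and `curl`, reuses `BINARLY_EMAIL` and `BINARLY_AUTH_URL` from the request above, and all function names are hypothetical.

```shell
# Added example, not Binarly's code. POSIX sh + curl; function names are hypothetical.
# Usage: . ./binarly-auth.sh && BINARLY_TOKEN=$(binarly_login)

# Escape backslashes and double quotes so a value can sit inside a quoted
# parameter of a curl config file.
curl_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit the form fields of the password grant request as curl config lines.
# $1 = email, $2 = password. curl itself does the URL-encoding.
token_request_config() {
  printf 'data-urlencode = "grant_type=password"\n'
  printf 'data-urlencode = "scope=openid"\n'
  printf 'data-urlencode = "client_id=BinarlyClient"\n'
  printf 'data-urlencode = "username=%s"\n' "$(curl_quote "$1")"
  printf 'data-urlencode = "password=%s"\n' "$(curl_quote "$2")"
}

# Print the access_token from a token response body ($1); fail if it has none
# (for example an OAuth error object instead of a token).
extract_access_token() (
  token=$( { printf '%s' "$1" | tr -d '\n'; echo; } |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([A-Za-z0-9._-]*\)".*/\1/p' )
  [ -n "$token" ] && printf '%s\n' "$token"
)

# Prompt for the password without echo, request a token, print it on stdout.
# Runs in a subshell, so the password variable never reaches the calling shell.
binarly_login() (
  : "${BINARLY_EMAIL:?set BINARLY_EMAIL}" "${BINARLY_AUTH_URL:?set BINARLY_AUTH_URL}"
  saved=$(stty -g)
  trap 'stty "$saved"' EXIT            # restore echo when the subshell exits
  printf 'Password for %s: ' "$BINARLY_EMAIL" >&2
  stty -echo
  IFS= read -r password
  stty "$saved"
  printf '\n' >&2
  # Config goes to curl on stdin (-K -), so the password is not in curl's argv.
  response=$(token_request_config "$BINARLY_EMAIL" "$password" |
    curl -sS -K - "$BINARLY_AUTH_URL")
  extract_access_token "$response"
)
```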
